b'         U.S. ENVIRONMENTAL PROTECTION AGENCY\n         OFFICE OF INSPECTOR GENERAL\n\n\n\n                                        Catalyst for Improving the Environment\n\n\nAudit Report\n\n\n\n\n       Improved Data Integrity Needed\n       for the Integrated Contracts\n       Management System\n       Report No. 10-P-0144\n\n       June 14, 2010\n\x0cAbbreviations\n\nCOTS\t           Commercial Off-the-Shelf\nEAS       \t     EPA Acquisition System\nEPA \t           U.S. Environmental Protection Agency\nFAR       \t     Federal Acquisition Regulation\nFARA        \t   Federal Acquisition Reform Act\nFASA \t          Federal Acquisition Streamlining Act\nFPDS-NG \t       Federal Procurement Data System \xe2\x80\x93 Next Generation\nGAO \t           U.S. Government Accountability Office\nGSA       \t     General Services Administration\nICMS \t          Integrated Contracts Management System\nNIST \t          National Institute of Standards and Technology\nOAM\t            Office of Acquisition Management\nOAM-ITSC \t      Office of Acquisition Management \xe2\x80\x93 Information Technology\n                Service Center\nOIG \t           Office of Inspector General\nOMB \t           Office of Management and Budget\n\x0c                       U.S. Environmental Protection Agency \t                                            10-P-0144\n                                                                                                      June 14, 2010\n                       Office of Inspector General\n\n\n                       At a Glance\n                                                                          Catalyst for Improving the Environment\n\n\nWhy We Did This Review           Improved Data Integrity Needed for the\nThe Office of Inspector          Integrated Contracts Management System\nGeneral contracted with\nWilliams, Adley & Company,        What Williams, Adley & Company, LLP, Found\nLLP, to conduct a data\nintegrity audit of the           EPA needs to strengthen ICMS data integrity controls to increase the reliability of\nIntegrated Contracts             the data for management reporting. In particular, ICMS data contain exceptions\nManagement System (ICMS).        to data quality rules defined in the ICMS data dictionary and OAM-defined\nWe sought to determine           system checks. ICMS data also contain anomalies that cast suspicion over the\nwhether data within the ICMS     validity of processed transactions. These anomalies include transactions\ncomplied with the system edit    processed on nonstandard workdays and dollar values that are unusually high.\nand validation checks\n                                 Furthermore, discrepancies noted between OAM-defined system edit and\ndesigned to control data entry\nand quality.                     validation checks and the ICMS data dictionary call into question what actual\n                                 information should be entered into the ICMS for certain fields. The above\nBackground                       conditions are caused by a breakdown in controlling data entry or in maintaining\n                                 data and associated system documentation.\nThe U.S. Environmental\nProtection Agency\xe2\x80\x99s (EPA\xe2\x80\x99s)      As noted during our field work, EPA is replacing the ICMS with a new\nOffice of Acquisition            acquisition system called the EPA Acquisition System (EAS). While it may not\nManagement (OAM) supports        be practical for EPA to address these weaknesses within the ICMS, EPA should\nthe procurement needs of         take proactive steps to strengthen its data integrity processes so these similar\nprogram offices throughout       weaknesses do not exist in the EAS.\nEPA and utilizes the ICMS to\nfacilitate that process. The      What Williams, Adley & Company, LLP, Recommends\nICMS generates documents\ncritical to the procurement      Williams, Adley & Company, LLP, recommends that the Director, OAM:\nprocess and recorded contract\nvalues totaling approximately       \xe2\x80\xa2\t Take immediate action to implement recommendations to strengthen\n$15 billion for Fiscal Year            plans for migrating data from the ICMS to the EAS as outlined in OIG\n2007 and $17.5 billion for             Report No. 10-P-0071, Plans to Migrate Data to the New EPA\nFiscal Year 2008.                      Acquisition System Need Improvement.\n                                    \xe2\x80\xa2\t Conduct and document a review of the EAS data quality controls to\n                                       ensure all required edit checks are identified and recorded in the EAS\nFor further information,               system documentation and implemented in the system.\ncontact our Office of               \xe2\x80\xa2\t Conduct and document a review of the EAS system development and\nCongressional, Public Affairs          program change control procedures to ensure that the EAS data\nand Management at                      dictionary is updated as database fields, and corresponding edit and\n(202) 566-2391.\n                                       validation checks are added or modified within the system. Implement\nTo view the full report,               all needed changes to the procedures.\nclick on the following link:\nwww.epa.gov/oig/reports/2010/    The Agency generally agreed with the findings and recommendations.\n20100614-10-P-0144.pdf\n\x0c                          UNITED STATES ENVIRONMENTAL PROTECTION AGENCY\n                                       WASHINGTON, D.C. 20460\n\n\n                                                                                      OFFICE OF\n                                                                                 INSPECTOR GENERAL\n\n\n\n                                              June 14, 2010\n\nMEMORANDUM\n\nSUBJECT:\t Improved Data Integrity Needed for the Integrated Contracts\n          Management System\n          Report No. 10-P-0144\n\n\nFROM:\t         Rudolph M. Brevard\n               Director, Information Resources Management Assessments\n               Office of Inspector General\n\nTO: \t          John Gherardini, Deputy Director\n               Office of Acquisition Management\n               Office of Administration and Resources Management\n\n\nThis is the report on the subject audit conducted by Williams, Adley & Company, LLP\n(Williams Adley), on behalf of the Office of Inspector General (OIG) of the U.S. Environmental\nProtection Agency (EPA). This report contains findings that describe the problems Williams\nAdley identified and corrective actions recommended. This report represents the conclusions of\nWilliams Adley and does not necessarily represent the final EPA position. Final determinations\non matters in this report will be made by EPA managers in accordance with established audit\nresolution procedures.\n\nThe estimated cost of this report, which includes contract costs and OIG contract management\noversight, is $424,969.\n\nAction Required\n\nIn accordance with EPA Manual 2750, you are required to provide a written response to this\nreport within 90 calendar days. You should include a corrective actions plan for agreed-upon\nactions, including milestone dates. We have no objections to the further release of this report to\nthe public. This report will be available at http://www.epa.gov/oig.\n\nIf you or your staff have any questions regarding this report, please contact me at (202) 566-0893\nor brevard.rudy@epa.gov; or Harry Kaplan, Project Manager, at (202) 566-0898 or\nkaplan.harry@epa.gov.\n\x0c                                         June 14, 2010\n\nMEMORANDUM\n\nSUBJECT: \t Improved Data Integrity Needed for the Integrated Contracts\n           Management System\n\nFROM: \t       Robert J. Fulkerson\n              Senior IT Audit Manager\n              Williams, Adley & Company, LLP\n\nTHRU:\t        Rudolph M. Brevard\n              Director, Information Resources Management Assessments\n              Office of Inspector General\n\nTO: \t         John Gherardini, Deputy Director\n              Office of Acquisition Management\n              Office of Administration and Resources Management\n\n\nThis memorandum is to inform the U.S. Environmental Protection Agency (EPA) of critical\nfindings of Williams, Adley, & Company, LLP, that require management action regarding the\nimproved data integrity needed for the Integrated Contracts Management System.\n\nIf you or your staff have any questions regarding this report, please contact Rudolph Brevard at\n(202) 566-0893 or brevard.rudy@epa.gov; or Harry Kaplan, Project Manager, at (202) 566-0898\nor kaplan.harry@epa.gov.\n\x0cImproved Data Integrity Needed for the                                                                                             10-P-0144\nIntegrated Contracts Management System\n\n\n\n\n                                       Table of Contents \n\nPurpose........................................................................................................................       1 \n\n\nBackground .................................................................................................................          1 \n\n\nScope and Methodology ............................................................................................                    1 \n\n\nFindings .......................................................................................................................      3 \n\n\nRecommendations......................................................................................................                 4 \n\n\nAgency Comments and OIG Evaluation ...................................................................                                4 \n\n\nStatus of Recommendations and Potential Monetary Benefits..............................                                               5\n\n\n\n\nAppendices                                                                           \n\nA          Exceptions to Data Dictionary Defined Edit & Validation Checks..............                                               6 \n\n\nB          Exceptions to OAM Information Technology Service Center \n\n           Defined Edit & Validation Checks..................................................................                         8\n\n\nC          Data Anomalies ...............................................................................................             10 \n\n\nD          Edit & Validation Checks that Require Updating in Data Dictionary..........                                                12 \n\n\nE          Agency Response ...........................................................................................                16 \n\n\nF          Distribution ......................................................................................................        18 \n\n\x0c                                                                                       10-P-0144\n\n\nPurpose\nWe sought to determine whether data within the Integrated Contracts Management System\n(ICMS) complied with the system edit and validation checks designed to control data entry and\nquality.\n\nBackground\nThe U.S. Environmental Protection Agency\xe2\x80\x99s (EPA\xe2\x80\x99s) Office of Inspector General (OIG)\ncontracted with Williams, Adley & Company, LLP (Williams Adley), to conduct this audit.\nEPA\xe2\x80\x99s Office of Acquisition Management (OAM) supports the procurement needs of program\noffices throughout EPA and utilizes the ICMS to facilitate that process. The ICMS generates\ndocuments critical to the procurement process and recorded contract values totaling\napproximately $15 billion for fiscal year 2007 and $17.5 billion for fiscal year 2008. The system\nalso provides data to the General Services Administration\xe2\x80\x99s Federal Procurement Data System \xe2\x80\x93\nNext Generation (FPDS-NG) to support congressional reporting and public access to acquisition\ndata. The ICMS populates the OAM Data Mart which provides reporting acquisition activities,\nand can assist in managing procurement operations, and assists Program Offices in complying\nwith set-aside requirements. Data edit and validation checks have been built into the ICMS to\nhelp ensure the accuracy of data that users enter into the system.\n\nFederal guidance, including the National Institute of Standards and Technology (NIST) and the\nOffice of Management and Budget (OMB), requires EPA to consistently apply data entry\ncontrols to ensure the integrity of their information technology systems and data, and to\naccurately report contractual actions to the FPDS. Specifically, OMB Circular A-127, Financial\nManagement Systems, states that internal controls over data entry and transaction processing\nshall be applied consistently throughout the system to ensure the validity of information. NIST\nSpecial Publication 800-30, Risk Management Guide for Information Technology Systems, states\nthat system and information owners are responsible for ensuring that proper controls are in place\nto address integrity of data they own. OMB M-06-28, Reporting Small Business Contracting\nInformation, states that each agency and department is responsible for submitting accurate data\nto FPDS and verifying the accuracy of such data. Lastly, Federal Acquisition Regulation (FAR)\n4.604(a) holds the Senior Procurement Executive and head of the contracting activity responsible\nfor monitoring a process that ensures accurate reporting of contractual actions to FPDS.\n\nThe EPA Office of Acquisition Management, Information Technology Service Center (ITSC) is\nresponsible for supporting the ICMS application, associated edit and validation checks, and\nsystem documentation. OAM-ITSC is based in Washington, DC, with a smaller number of staff\nresiding in Research Triangle Park, North Carolina, and is in the process of replacing ICMS with\nthe EPA Acquisition System (EAS), a commercial off-the-shelf (COTS) acquisition system. As\npart of the implementation process, data residing in ICMS will be migrated to the EAS.\n\nScope and Methodology\nWe conducted our review in accordance with generally accepted government auditing standards.\nThose standards require that we plan and perform the audit to obtain sufficient and appropriate\n\n                                                1\n\n\x0c                                                                                         10-P-0144\n\n\nevidence to provide a reasonable basis for our findings and conclusions based on the audit\nobjectives. Additionally, we used the guidance contained in Government Accountability Office\n(GAO) Guidance for Assessing the Reliability of Computer-Processed Data for evaluating the\ndatabase processes. The evidence obtained from our audit tests and processes provides a\nreasonable basis for our findings and conclusions.\n\nFrom the 1,552 ICMS database fields, we identified 207 fields that are considered critical high-\nrisk fields within the ICMS database. The fields were chosen due to their Financial, Compliance\nor Operational significance. This listing was further refined to identify 79 Financial and\nCompliance fields, for purposes of testing. Williams Adley defined critical high-risk fields\nutilizing the following criteria:\n\n   \xe2\x80\xa2\t Financial - Data that are critical to the accurate recording of monetary amounts for\n      contract solicitations, awards, contract documents, contract modifications, and task\n      orders/delivery orders.\n   \xe2\x80\xa2\t Compliance - Data that are critical to program office compliance with federal laws and\n      regulations, Federal Acquisition Regulations (FAR), the Federal Acquisition\n      Streamlining Act (FASA), the Federal Acquisition Reform Act (FARA), and the Office\n      of Federal Procurement Policy Act as amended Competition in Contracting Act of 1984\n      (41 USC); and EPA procurement and acquisition policies and procedures, including set-\n      asides for small business and socio-economic classes.\n\nWilliams Adley obtained a data extract from the ICMS database in September 2008 and\nimported all records for the 79 Financial and Compliance fields into a computer-assisted auditing\ntool to prepare for testing. Edit and validation checks for each of the 79 fields were identified\nfrom the current ICMS data dictionary dated February 28, 2005, and an Oracle field attributes\ndocument OAM provided. Williams Adley performed testing to evaluate record compliance\nwith the data dictionary and database defined edit and validation checks for each of the 79 fields.\nTesting included, but was not limited to, evaluation of the following:\n   \xe2\x80\xa2\t   Maximum number of characters\n   \xe2\x80\xa2\t   Null values (mandatory vs. nonmandatory fields)\n   \xe2\x80\xa2\t   Data Type (alpha numeric, character, numeric, date)\n   \xe2\x80\xa2\t   Evaluation of positive, negative, and zero entries\n   \xe2\x80\xa2\t   Evaluation of Max values, variance, and standard deviation\n\n\nWilliams Adley inquired with OAM-ITSC to obtain clarification and assurance to our\nunderstanding of the edit and validation checks contained in the data dictionary. This resulted in\nrequesting OAM-ITSC to provide updated edit and validation checks for the 79 subject fields.\nWe performed tests of the data contained in each field to evaluate record compliance with the\nOAM-ITSC defined checks for each of the 79 fields. Williams Adley then performed a\ncomparison between OAM-ITSC provided checks and the data dictionary to identify variances\nbetween the data dictionary and current checks. Lastly, we reviewed the data statistics to\nidentify anomalous records.\n\n\n\n\n                                                 2\n\n\x0c                                                                                         10-P-0144\n\n\nFindings\nThe ICMS data contains exceptions to data quality rules defined in the ICMS data dictionary or\nOAM-defined system checks. ICMS data also contain anomalies that cast suspicion over the\nvalidity of processed transactions. These anomalies include transactions processed on\nnonstandard workdays and dollar values with unusually high values. Furthermore, discrepancies\nnoted between ITSC-defined system edit and validation checks and the ICMS data dictionary\ncall into question what actual information should be entered into ICMS for certain fields. Data\nintegrity within the ICMS needs strengthening to increase its (1) reliability for management\nreporting and (2) accuracy before suspected errors are transferred into EPA\xe2\x80\x99s new acquisition\nsystem.\n\nThese weaknesses exist in part due to:\n\n    \xe2\x80\xa2\t A breakdown in the process for controlling data entry, which are necessary to control\n       data input;\n    \xe2\x80\xa2\t Lack of identifying and implementing edit and validation checks during system\n\n       implementation; and \n\n    \xe2\x80\xa2\t Inconsistent documenting of edit and validation checks in the ICMS data dictionary as\n       data requirements change.\n\nSixty-four percent\n(50 of 79) of the\nICMS fields passed                   ICMS Data Errors By Number of\nall four data integrity                      Tests Failed\ntests. The remaining\ndata fields failed at\nleast one or more          60                                                          50\ntests. The noted           50\ngraph depicts the          40\nbreakdown of ICMS          30\ndata field errors by                  15\n                           20                           13\nthe number of tests\nfailed. Appendices         10                                           1\nA through D provide         0\nthe details for each               Failed 1           Failed 2     Failed 3        No Errors\ntest performed and                  Tests              Tests        Tests\nthe listing of fields\nwhich failed the\nparticular test.\n\nThese conditions have the potential of reducing EPA management\xe2\x80\x99s ability to rely on ICMS data\nfor decision making purposes, due to possible inaccuracies in reporting and output data. As a\ncritical application used to support acquisition activities for all program offices of EPA, as well\nfor reporting to the General Service Administration\xe2\x80\x99s (GSA\xe2\x80\x99s) FPDS-NG management emphasis\nis needed to address these data integrity issues in a comprehensive manner.\n\n                                                 3\n\n\x0c                                                                                       10-P-0144\n\n\n\n\nAs noted during our fieldwork, EPA is replacing ICMS with a new acquisition system called the\nEPA Acquisition System (EAS). While it may not be practical for EPA to address these\nweaknesses within ICMS, EPA management should take proactive steps to strengthen its data\nintegrity processes so these similar weaknesses do not exist in the EAS.\n\nRecommendations\nWilliams, Adley & Company, LLP, recommends that the Director, Office of Acquisition\nManagement, within the Office of Administration and Resources Management:\n\n   1.\t Take immediate action to implement recommendations to strengthen plans for migrating\n       data from the ICMS to the EAS as outlined in Office of Inspector General Quick\n       Reaction Report No. 10-P-0071, Plans to Migrate Data to the New EPA Acquisition\n       System Need Improvement.\n\n   2.\t Conduct and document a review of the EAS application\xe2\x80\x99s data quality controls to ensure\n       all required edit checks are identified and recorded in the EAS system documentation and\n       implemented in the system.\n\n   3.\t Conduct and document a review of EAS system development and program change\n       control procedures to ensure the EAS data dictionary is updated as database fields, and\n       corresponding edit and validation checks are added or modified within the system.\n       Implement all needed changes to the procedures.\n\nAgency Comments and OIG Evaluation\nIn general, EPA agreed with our findings and recommendations. However, EPA felt that the\nreport did not accurately reflect the Agency\'s responsibilities for maintaining the system\ndocumentation, since the new acquisition is built from a commercial-off-the-shelf product. While\nwe agree that EPA has limited responsibility for maintaining the manufacturer\'s portion of the\nsystem software, EPA has taken significant steps to either configure the software to meet its\nneeds or build interfaces so the software could work with existing EPA applications. Therefore,\nto the extent that EPA engages in these activities, it is incumbent upon management to ensure it\nhas effective control processes in place to capture and document these changes in the EAS\nsystem documentation.\n\n\n\n\n                                               4\n\n\x0c                                                                                                                                            10-P-0144\n\n\n\n\n                                Status of Recommendations and\n                                  Potential Monetary Benefits\n\n\n                                                                                                                                  POTENTIAL MONETARY\n                                                    RECOMMENDATIONS                                                                BENEFITS (in $000s)\n\n                                                                                                                      Planned\n    Rec.   Page                                                                                                      Completion   Claimed     Agreed To\n    No.     No.                           Subject                        Status1          Action Official               Date      Amount       Amount\n\n     1       4     Take immediate action to implement                      O       Director, Office of Acquisition 11/15/2010\n                   recommendations to strengthen plans for migrating                  Management, within the\n                   data from the ICMS to the EAS as outlined in Office             Office of Administration and\n                   of Inspector General Quick Reaction Report No.                    Resources Management\n                   10-P-0071, Plans to Migrate Data to the New EPA\n                   Acquisition System Need Improvement.\n\n     2       4     Conduct and document a review of the EAS data           O       Director, Office of Acquisition\n                   quality controls to ensure all required edit checks                Management, within the\n                   are identified and recorded in the EAS system                   Office of Administration and\n                   documentation and implemented in the system.                      Resources Management\n\n     3       4     Conduct and document a review of EAS system             O       Director, Office of Acquisition 10/01/2010\n                   development and program change control                             Management, within the\n                   procedures to ensure the EAS data dictionary is                 Office of Administration and\n                   updated as database fields, and corresponding edit                Resources Management\n                   and validation checks are added or modified within\n                   the system. Implement all needed changes to the\n                   procedures.\n\n\n\n\n1   O = recommendation is open with agreed-to corrective actions pending\n    C = recommendation is closed with all agreed-to actions completed\n    U = recommendation is undecided with resolution efforts in progress\n\n\n\n\n                                                                               5\n\n\x0c                                                                                                     10-P-0144\n\n\n                                                                                                Appendix A\n\n                Exceptions to Data Dictionary Defined \n\n                      Edit & Validation Checks \n\nOur testing of the 79 sampled critical fields, which contain varying total records, revealed a total\nof 9 data fields with records in non-compliance with data dictionary-defined edit and validation\nchecks. Both Financial and Compliance related fields were included in these exceptions. These\nerrors as presented below indicate that exceptions exist throughout the ICMS database.\nHowever, the listing of the discrepancies does not indicate potential or actual risk. The total\nnumber of records is also not an indicator of risk or importance of the field. Testing was\nperformed only to identify the discrepancy existence. These exceptions are listed as noted\nexceptions from the sample selected. Testing did not measure the level of impact caused by\nthese exceptions and thus each field must be weighted equally in impact to overall operations of\nthe system. As noted in the table, these failures were due to one or more of the following\nconditions:\n\n\xe2\x80\xa2     Duplicate records\n\xe2\x80\xa2     Non-existent reference table\n\xe2\x80\xa2     Zero values\n\xe2\x80\xa2     Non-text character\n\xe2\x80\xa2     Gaps in sequential values\n\xe2\x80\xa2     Non-permissible numerical values\n\nField error rates were calculated based on the total exceptions and total record count per field\ntested. The error rates ranged from 0.002 percent to 100 percent.\n\n\n                                                       Edit /                                    Total\n                                                   Validation        Nature of     Number of    Record     Error Rate\n  Table         Field       Full Field Name           Check         Exceptions     Exceptions   Count      Percentage\n TGPF      GPF_EST_CST     Government            Reference        No existing             116        116     100%\n                           Property Facilities   table            reference\n                           Estimated Cost\n TC        SDB_PREF_PRG    Contract Small        Unique key       Multiple gaps         4,324      4,324     100%\n           RM_CD           Disadvantaged         and sequential   in sequence\n                           Business Program                       and duplicates\n                           Code\n\n\n\n TCLST     CLST_ID_CD      Close-Out             Unique           Multiple gaps         3,487      3,601    96.83%\n                           Identification        sequential key   in sequence\n                           Code                                   and duplicates\n\n\n\n\n                                                        6\n\n\x0c                                                                                                 10-P-0144\n\n\n\n                                                Edit /                                       Total\n                                             Validation         Nature of      Number of    Record     Error Rate\n Table       Field       Full Field Name        Check          Exceptions      Exceptions   Count      Percentage\nTASG     FULL_INCR_CD   Full/              No zero values    Zero values           16,334     46,964    34.78%\n                        Incrementally-     permissible,      found.\n                        Funded             nulls (blanks)\n                        Assignment Type    are allowed.\n\n\n\nTCEA     CEA_ID_NBR     Cost Element       Unique key        Multiple gaps         16,440     60,757    27.06%\n                        Account            and sequential.   in sequence\n                        Identification                       and duplicates.\n                        Number\n\n\n\nTOBL     OBL_ID_NBR     Obligation         Unique            Multiple gaps         35,674    196,718    18.13%\n                        Identification     sequential key.   in sequence\n                        Number                               and duplicates.\n\n\n\n\nTCAB     CAB_ID_NBR     Cost Aggregate     Unique key        Multiple gaps          4,000     58,149     6.88%\n                        Budget             and sequential.   in sequence\n                        Identification                       and duplicates.\n                        Number\n\n\n\nTASG     FAIR_OPTNTY_   Multiple Award     Range values      Values of 6             468      46,964     1.00%\n         CD             Contract Fair      between 1 to 5.   and 7 found.\n                        Opportunity Code\n\n\nTCEA     CEA_NAME       Cost Element       All text          Nontext                   1      60,757    0.002%\n                        Account Name       characters.       character.\n\n\n\n\n                                                  7\n\n\x0c                                                                                                        10-P-0144\n\n\n                                                                                                  Appendix B\n\n       Exceptions to OAM Information Technology \n\n     Service Center Defined Edit & Validation Checks\n\nOur testing of the 79 sampled critical fields revealed 5 fields in noncompliance with current edit\nand validation checks provided by OAM-ITSC during audit fieldwork. Current edit and\nvalidation checks were requested of OAM-ITSC during fieldwork, since the data dictionary had\nnot been updated since February 28, 2005. As noted in the below table, these failures were due\nto one or more of the following conditions:\n\n\xe2\x80\xa2   Null values (i.e., blanks)\n\xe2\x80\xa2   State codes in a ZIP Code-defined field\n\xe2\x80\xa2   Incorrect OAM-defined resource values\n\nActual error rates for these exceptions, most close to one hundred percent, were less definable\ndue to the nature of their causes, and thus were replaced with a description of the condition. It\nwas noted that both Financial and Compliance related fields were included in the listing of\nexceptions.\n\n\n                                                             Edit /\n                                                          Validation        Nature of       Description of Rule Violation\n    Table              Field          Full Field Name       Check          Exceptions                  Conditions\nTSF_1442       SF_1442_SBA_STATE     Standard Form       Valid State     All values are     OAM provided the edit check\n                                     1442 Small          code.           null.              rule that the set is based on\n                                     Business                                               ZIP Codes. Testing showed\n                                     Administration                                         that no ZIP Codes exist in the\n                                     State                                                  data field; therefore the edit\n                                                                                            check rule does not\n                                                                                            appropriately define the field.\n                                                                                            Testing for ZIP Code\n                                                                                            provides a 100% error rate for\n                                                                                            all entries in all tables.\nTPA_ORG_A      ADDR_ST               Procurement         Valid ZIP       All data entries   OAM provided the edit check\nDDR_ASS                              Activity            Code.           are State codes    rule that the set is based on\n                                     Organization                        and one zero       ZIP Codes. Testing showed\n                                     Address                             value entry.       that no ZIP Codes exist in the\n                                     Association State                                      data field; therefore the edit\n                                                                                            check rule does not\n                                                                                            appropriately define the field.\n                                                                                            Testing for ZIP Code\n                                                                                            provides a 100% error rate for\n                                                                                            all entries in all tables.\n\nTASG           ASG_LOE               Assignment Level    Reference to    OAM-defined        OAM provided the edit check\n                                     of Effort           other fields.   field resource     rule that if this is a deliver\n                                                                         values did not     order or task order, then value\n                                                                         match              must be \xe2\x89\xa4 to\n                                                                         ASG_LOE            99,999,999,999.99, and value\n                                                                         field values.      must be \xe2\x89\xa4 the sum of all.\n\n\n\n\n                                                    8\n\n\x0c                                                                                             10-P-0144\n\n\n\n                                                  Edit /\n                                                Validation     Nature of        Description of Rule Violation\n   Table         Field    Full Field Name        Check         Exceptions       Conditions\n                                                                                Allocated Delivery Order\n                                                                                (DO)/Task Order (TO) totals\n                                                                                (CAB_AMT) for this order.\n                                                                                Testing found inconsistencies\n                                                                                in multiple table entries for\n                                                                                CAB_AMT sums. OAM\n                                                                                explained these sums are\n                                                                                user- entered. Error rates\n                                                                                differed depending on the\n                                                                                table tested for entry. All\n                                                                                table fields contained errors.\nTCAB       CAB_AMT       Cost Aggregate        Reference to    OAM-defined      OAM provided the edit check\n                         Budget Amount         other fields.   field resource   that the field must be \xe2\x89\xa4 to the\n                                                               values did not   parent cost category\'s amount\n                                                               match            (CAD_CST_AMT). In\n                                                               CAB_AMT          testing, many records were\n                                                               field values.    found exceeding these\n                                                                                defined values (the number of\n                                                                                entries differed depending on\n                                                                                the table tested; multiple\n                                                                                tables exist for this field). All\n                                                                                tables with the parent field\n                                                                                showed multiple values\n                                                                                exceeding the edit check rule.\n                                                                                All table fields contained\n                                                                                errors.\nTCEB       CEB_AMT       Cost Element          Reference to    OAM-defined      OAM provided the edit check\n                         Budget Amount         other fields.   field resource   rule that the field must be \xe2\x89\xa4 to\n                                                               values did not   the parent line item\'s amount\n                                                               match            (CEA_AMT). The parent\n                                                               CEB_AMT          exists in multiple tables and\n                                                               field values.    some errors were found in\n                                                                                tests. All table fields\n                                                                                contained errors.\n\n\n\n\n                                          9\n\n\x0c                                                                                                     10-P-0144\n\n\n                                                                                               Appendix C\n\n                                   Data Anomalies\nOur testing of the 79 fields included identifying data outside the expected value range. For\nnumerical fields, that included evaluating maximum values noted in the record set. Date fields\nwere analyzed for the feasibility of the day of the week the dates were entered. In follow-up\ninterviews on these anomalies, OAM program management could not explain these\ninconsistencies.\n\nThese rationality tests identified 13 fields with anomalous records, which fell into one of the\nfollowing categories:\n\n\xe2\x80\xa2     Date entered as a Sunday\n\xe2\x80\xa2     Unusually large monetary amount\n\nIt was noted that both Financial and Compliance related fields were included in this listing of\nexceptions.\n\n\n\n   Table            Field              Full Field Name        Nature of Exceptions      OAM-Summarized Response\n TASG        ASG_FNL_PYM_DT        Assignment Final          22 Sunday dates          The user enters dates and would\n                                   Payment Date                                       need to verify them.\n\n\n\n\n TASG        ASG_LOE               Assignment Level Of       The maximum value for    The user enters values and would\n                                   Effort                    one of the entries was   need to verify them.\n                                                             1,129,905,413.44.\n\n\n\n\n TCAD        CAD_OPTL_AMT          Contract Aggregate Data   The maximum value for    This is expressing an essentially\n                                   Optional Amount           one of the entries was   infinite cost ceiling on a GSA\n                                                             9,000,000,000.00.        Schedule contract (GS-02F-\n                                                                                      0211R). The contracting officer\n                                                                                      that entered this was probably\n                                                                                      trying to make sure there was no\n                                                                                      cap on the ceiling that could be\n                                                                                      used on orders against this\n                                                                                      schedule contract.\n TCEA        CEA_AMT               Cost Element Account      The maximum value for    The user enters values and would\n                                   Amount                    one of the entries was   need to verify them.\n                                                             999,999,999.\n\n TC          C_EST_AMT             Contract Estimated        The maximum value for    The user enters values and would\n                                   Amount                    one of the entries was   need to verify them.\n                                                             50,000,000,000.00.\n\n\n\n\n                                                   10 \n\n\x0c                                                                                             10-P-0144\n\n\n\n\n Table         Field          Full Field Name         Nature of Exceptions      OAM-Summarized Response\nTEFWA    EFWA_CNTRCR_CST    EPA Work Assignment       The maximum value       The user enters values and would\n                               Form Proposed         for one of the entries   need to verify them.\n                               Contractor Cost       was 3,385,794,743.00.\n\n\nTMDFCN   MDFCN_MAX_PTNTL_   Modification Maximum      The maximum value       This is the sum of user-entered\n         VAL_CHNG           Potential Value Change   for one of the entries   values, and would need to be\n                                                     was 400,000,000.00.      verified by the user who entered\n                                                                              them.\n\n\n\nTPOP     POP_MAX_AMT        Period of Performance    The maximum value for    The user enters values and would\n                            Maximum Amount           one of the entries was   need to verify them.\n                                                     999999999.00.\n\n\n\nTPOP     POP_MIN_AMT        Period of Performance    The maximum value for    The user enters values and would\n                            Minimum Amount           one of the entries was   need to verify them.\n                                                     50676590.00.\n\n\nTSYNPS   SYNPS_CST_AMT      Synopsis Cost Amount     The maximum value for    This is the sum of user-entered\n                                                     one of the entries was   values, and would need to be\n                                                     699337192.00.            verified by the user who entered\n                                                                              them.\n\n\n\n\nTVPR     VPR_EST_AMT        Vendor Procurement       The maximum value for    The user enters values and would\n                            Role Estimated Amount    one of the entries was   need to verify them.\n                                                     18263072.00.\n\n\nTVPR     VPR_MAX_AMT        Vendor Procurement       The maximum value for    The user enters values and would\n                            Role Maximum Amount      one of the entries was   need to verify them.\n                                                     51443860.00.\nTCEA     CEA_MAX            Cost Element Account     The maximum value for    The user enters values and would\n                            Maximum                  one of the entries was   need to verify them.\n                                                     999999999.00.\n\n\n\n\n                                            11 \n\n\x0c                                                                                                            10-P-0144\n\n\n                                                                                                        Appendix D\n\n                   Edit & Validation Checks that \n\n                Require Updating in Data Dictionary\n\nGap analysis performed between data dictionary-defined edit and validation checks and\nOAM-provided edit and validation checks revealed 17 fields with discrepancies, representing a\ndivide between edit and validation checks verified by OAM to be in place versus what is actually\ndocumented in the data dictionary.\n\nIt was noted that both Financial and Compliance related fields were included in this listing of\nexceptions.\n\n\n                                     Full Field         OAM-defined Edit /            Data Dictionary        Description of\n  Table           Field               Name               Validation Check               parameters            Discrepancy\nTC         SDB_PREF_PRGRM_CD      Contract Small   Drop-down list selection;        A system generated      Data dictionary\n                                  Disadvantaged    this field is no longer          unique sequential       has no statement\n                                  Business         actively used by the             number                  about disabling\n                                  Program Code     application.                                             the field,\n                                                                                                            inactivity, or\n                                                                                                            non-use\n\n\nTVO        VO_CIS_SML_SFX         Vendor Office    No longer used by ICMS. It       Any valid CIS           Data dictionary\n                                  CIS Small        was part of an interface         Code                    has no statement\n                                  Business         with an EPA information                                  about disabling\n                                  Suffix           system that was retired in                               the field,\n                                                   2002.                                                    inactivity, or\n                                                                                                            non-use\n\nTVPR       SMLBS_SZE_CD           Small Business   This is a nonmandatory           Positive integer.       Data dictionary\n                                  Size Code        field that has evidently                                 has no statement\n                                                   never been used.                                         about disabling\n                                                                                                            the field,\n                                                                                                            inactivity, or\n                                                                                                            non-use\n\nTCAB       CAB_ID_NBR             Cost Aggregate   This column alone is not a       Sequential number       Duplication\n                                  Budget           primary key, rather it is part   that uniquely           errors and\n                                  Identification   of a composite key               identifies a specific   differences on\n                                  Number           (C_ID_CD, ASG_ID_NBR,            cost aggregate          data source.\n                                                   CAB_ID_NBR). Its value           budget item within\n                                                   is system-generated by an        an assignment.\n                                                   Oracle sequence object           Physically derived\n                                                   (number generator). There        for performance\n                                                   should be gaps in the            enhancement\n                                                   numbers. Duplicates are          purposes.\n                                                   acceptable, and are caused\n                                                   because 13 original ICMS\n                                                   databases were merged into\n                                                   the current production\n                                                   database.\n\n\n\n\n                                                   12 \n\n\x0c                                                                                                   10-P-0144\n\n\n\n                            Full Field        OAM-defined Edit /             Data Dictionary        Description of\n  Table          Field        Name              Validation Check                parameters           Discrepancy\nTCEA      CEA_ID_NBR     Cost Element     This column alone is not a       Sequential number       Duplication\n                         Account          primary key, rather it is part   that uniquely           errors and\n                         Identification   of a composite key               identifies a specific   differences on\n                         Number           (C_ID_CD, POP_ID_NBR,            cost element            data source.\n                                          CEA_ID_NBR). Its value is        account within a\n                                          system generated by an           period of\n                                          Oracle sequence object           performance for a\n                                          (number generator). There        procurement.\n                                          should be gaps in the\n                                          numbers. Duplicates are\n                                          acceptable, and are caused\n                                          because 13 original ICMS\n                                          databases were merged into\n                                          the current production\n                                          database.\n\n\n\n\nTCLST     CLST_ID_CD     Close-Out        This column alone is not a       Unique number           Duplication\n                         Identification   primary key, rather it is part   assigned to close       errors and\n                         Code             of a composite key               out records.            differences on\n                                          (C_ID_CD, POP_ID_NBR,                                    data source.\n                                          CEA_ID_NBR). Its value\n                                          is system generated by an\n                                          Oracle sequence object\n                                          (number generator). There\n                                          should be gaps in the\n                                          numbers. Duplicates are\n                                          acceptable, and are caused\n                                          because 13 original ICMS\n                                          databases were merged into\n                                          the current production\n                                          database.\n\nTGPF      GPF_EST_CST    Government       The text "Foreign key to         Any valid dollar        Field sources\n                         Property         Government Property              amount. Foreign         different.\n                         Facilities       Facilities Type reference        key to Government\n                         Estimated Cost   table TGPF_TP_REF" in            Property Facilities\n                                          the data dictionary is           Type reference\n                                          incorrect and should be          table\n                                          removed. The source of           TGPF_TP_REF.\n                                          this information is a user-\n                                          entered number with no edit\n                                          checks.\n\n\n\n\n                                          13 \n\n\x0c                                                                                                       10-P-0144\n\n\n\n                                 Full Field          OAM defined Edit /            Data Dictionary      Description of\n  Table            Field           Name               Validation Check                parameters         Discrepancy\nTASG       FAIR_OPTNTY_CD      Multiple          Additional choices have         The code              Additional\n                               Award             been added to                   representing the      codes 6 and 7\n                               Contract Fair     TFAIR_OPTNTY_REF.               Multiple Award        added and not\n                               Opportunity       Valid values are null or 1-7.   Contract Fair         documented.\n                               Code                                              Opportunity Code.\n                                                                                 Corresponds to\n                                                                                 TFAIR_OPTNTY_\n                                                                                 REF.ID_CD. Valid\n                                                                                 codes are 1 through\n                                                                                 5. The\n                                                                                 TFAIR_OPTNTY_\n                                                                                 REF.DSCR values\n                                                                                 that correspond to\n                                                                                 codes 1 through 5\n                                                                                 are: Fair\n                                                                                 Opportunity\n                                                                                 Process, Urgency,\n                                                                                 One/Unique\n                                                                                 Source, Follow On\n                                                                                 Order, or Minimum\n                                                                                 Guarantee.\nTC         SDB_PREF_PRGRM_CD   Contract Small    This is a foreign key to        Foreign key to        Not allowing\n                               Disadvantaged     TSDB_PREF_PRGRM_RE              TSDB_PREF_PRG         zero values is\n                               Business          F.ID_CD. There should not       RM_REF.ID_CD.         not documented\n                               Program Code      be any zero values. Values      Unique sequential     in the data\n                                                 should repeat. Some values      number.               dictionary.\n                                                 should be null.\n\nTASG       FULL_INCR_CD        Full/Increment    There should not be any         Any permissible       Not allowing\n                               ally Funded       zero values.                    numeric code value    zero values is\n                               Assignment                                        contained in the      not documented\n                               Type                                              ID_CD field of the    in the data\n                                                                                 TFULL_INCR_RE         dictionary.\n                                                                                 F table.\nTMDFCN     MDFCN_MAX_PTNTL_    Modification      This is the sum of user-        Any valid number.     Not specifically\n           VAL_CHNG            Maximum           entered values.                                       defined as user-\n                               Potential Value                                                         entered or a sum\n                               Change                                                                  in the data\n                                                                                                       dictionary\n\nTOBL       OBL_ID_NBR          Obligation        The composite of                Unique in             Differences\n                               Identification    C_ID_CD, ASG_ID_NBR,            combination with      include no\n                               Number            and MDFCN_ID_NBR                PR_CD and             uniqueness and\n                                                 make this field unique. The     COM_ID_NBR.           the wrong fields\n                                                 field is not a unique key.                            listed.\n\n\nTSF_1442   SF_1442_SBA_STATE   Standard Form     Valid State code.               Any valid US state    No mention of\n                               1442 Small                                        abbreviation.         entering ZIP\n                               Business                                                                Codes to receive\n                               Administration                                                          the valid US\n                               State                                                                   state\n                                                                                                       abbreviations\n\n\n\n\n                                                 14 \n\n\x0c                                                                                              10-P-0144\n\n\n\n                            Full Field         OAM defined Edit /          Data Dictionary     Description of\n  Table          Field        Name              Validation Check             parameters         Discrepancy\nTPA_OR    ADDR_ST        Standard Form     Valid ZIP Code.               Any valid two        Neither OAM\nG_ADDR                   1449                                            character US State   nor the data\n_ASS                     Administered                                    abbreviation.        dictionary\n                         By Standard                                                          mention the\n                         Address                                                              existence of zero\n                         Indicator                                                            values\nTASG      ASG_LOE        Assignment        If this is a DO or TO, then   Any valid number.    OAM provides\n                         Level Of Effort   value must be less than or                         more specificity\n                                           equal to 99,999,999,999.99,                        than exists in the\n                                           and value must be \xe2\x89\xa4l to the                        data dictionary.\n                                           sum of all allocated DO/TO\n                                           totals (CAB_AMT) for this\n                                           order.\n\n\n\nTCAB      CAB_AMT        Cost Aggregate    Field must be \xe2\x89\xa4 to the        Any valid number.    OAM provides\n                         Budget            parent cost category\'s                             more specificity\n                         Amount            amount                                             than exists in the\n                                           (CAD_CST_AMT).                                     data dictionary.\n\n\nTCEB      CEB_AMT        Cost Element      Field must be \xe2\x89\xa4 to the        Any valid number.    OAM provides\n                         Budget            parent line item\'s amount                          more specificity\n                         Amount            (CEA_AMT).                                         than exists in the\n                                                                                              data dictionary.\n\n\n\n\n                                           15 \n\n\x0c                                                                                         10-P-0144\n\n\n                                                                                     Appendix E\n\n                                 Agency Response\n                                         April 16, 2010\n\n\nMEMORANDUM\n\nSUBJECT:       Response to Office of Inspector General (OIG) Draft Report: Improved Data\n               Integrity Needed for the Integrated Contracts Management System (ICMS)\n\nFROM:          John C. Gherardini III, Acting Director\n               Office of Acquisition Management\n\nTO:            Rudolph M. Brevard, Director\n               Information Resources Management Assessments\n               Office of Inspector General\n\n        Thank you for the opportunity to comment on the draft report entitled \xe2\x80\x9cImproved Data\nIntegrity Needed for the Integrated Contracts Management System (ICMS),\xe2\x80\x9d dated\nFebruary 26, 2010. We are in general agreement with the findings and recommendations and\nwill ensure all corrective actions are completed as required.\n\nGeneral Comments\n\n        The Office of Acquisition Management (OAM) agrees that ICMS has identified data\nintegrity issues. The U.S. Environmental Protection Agency (EPA) Acquisition System (EAS) is\nbeing implemented to increase data integrity associated with Agency acquisitions and to ensure\nthat similar weaknesses do not exist in the new system. Due to the implementation of EAS and\nthe unavailability of the specific record details associated with the errors identified in Appendix\nA, B, C & D of the report, a review of all the data discrepancies to ensure full agreement of all\nthe errors found would be very difficult.\n\nComments on Recommendations:\n\nRecommendation 1: Take immediate actions to strengthen plans for migrating data from\nICMS to EAS as in outlined Office of Inspector General Quick Reaction report, \xe2\x80\x9cPlans to\nMigrate Data to the New EPA Acquisition System Need Improvement.\xe2\x80\x9d\n\nResponse: In reference to the Quick Reaction reports recommendations to strengthen plans for\nmigrating data from ICMS to EAS, OAM has taken active steps to ensure that data migration\nfrom ICMS to EAS is effective by:\n\n   -   Ensuring the continuation of the two tier review for migrated data for active and inactive\n       contracts.\n\n                                                16 \n\n\x0c                                                                                       10-P-0144\n\n\n   -   Ensuring that appropriate individuals participate in the EAS Migrated Data Review\n       Orientations. Several meetings and training sessions have already taken place in\n       headquarters and the regions.\n   -   Developing a plan to ensure that closed contracts are reviewed for accuracy. OAM will\n       use the existing verification and validation annual exercise to review and ensure closed\n       contract dates are accurate in the system. This task will be completed by 11/15/2010.\n\nRecommendation 2: Conduct and document a review of the EAS data quality controls to\nensure all required edit checks are identified and recorded in the EAS system\ndocumentation and implemented in the system.\n\nResponse: This process was completed through EAS Requirements, Testing and Deployment\nPlanning. Our concern with the report, as written, appears to reveal a lack of understanding\nassociated with the Agency\xe2\x80\x99s ability to easily modify documentation and/or codes associated\nwith a Commercial-Off-The-Shelf (COTS) package. The Office of Management and Budget has\nencouraged agencies to limit customization in an effort to minimize costs to the federal\ngovernment. PRISM, which is the COTS package associated with EAS, is used in acquisition\noffices across the federal government. Modifications such as edit checks and controls have been\ndesigned into the system based on feedback not only from EPA but other federal agencies as\nwell. Documentation associated with PRISM is the responsibility of the PRISM vendor. As\nchanges are made to the system, the vendor is responsible and does provide updated\ndocumentation.\n\nRecommendation 3: Conduct and document a review of EAS system development and\nprogram change control procedures to ensure the EAS data dictionary is updated as\ndatabase fields, and corresponding edit and validation checks, are added or modified\nwithin the system. Implement all needed changes to the procedures.\n\nResponse: System development and program change control procedures as it relates to the\nPRISM software as well as PRISM data dictionary are out of EPA\xe2\x80\x99s control and are the\nresponsibility of the vendor. OAM will conduct and document a review of the EAS system\ndevelopment and program change control procedures as it relates to any customizations applied\nfor EPA. We will ensure that change control procedures clearly identify where EPA\ndocumentation should be updated and ensure those updates are completed. This would be done\nwithin the EAS functional configuration documentation. We have change control procedures in\nplace but will review them by 10/01/2010 to ensure documentation updates are included.\n\n       Should you have any questions regarding this response, please contact me at\n(202) 564-4310 or Margaret Lynch, Service Center Manager, Information Technology Service\nCenter at (202) 564-4605.\n\n\n\n\n                                               17 \n\n\x0c                                                                                  10-P-0144\n\n\n                                                                              Appendix F\n\n                                   Distribution\n\nOffice of the Administrator\nAssistant Administrator, Office of Administration and Resources Management\nAgency Follow-up Official (the Chief Financial Officer)\nAgency Follow-up Coordinator\nDeputy Director, Office of Acquisition Management, Office of Administration and\n       Resources Management\nGeneral Counsel\nAssociate Administrator for Congressional and Intergovernmental Affairs\nAssociate Administrator for Public Affairs\nAudit Follow-up Coordinator, Office of Administration and Resources Management\nAudit Follow-up Coordinator, Office of Acquisition Management,\n       Office of Administration and Resources Management\nActing Inspector General\n\n\n\n\n                                            18 \n\n\x0c'